Hackers exploit casino's smart thermometer to steal database info

Having a whole bunch of smart objects like lights, appliances, and thermometers can make life a little more convenient for businesses, but buying into the internet of things can also make those same businesses more vulnerable to hackers.

Nicole Eagan, CEO of cybersecurity company Darktrace, revealed Thursday that a casino fell victim to hackers thanks to a smart thermometer it was using to monitor the water of an aquarium they had installed in the lobby, Business Insider reported. The hackers managed to find and steal information from the casino’s high-roller database through the thermometer.

“The attackers used that to get a foothold in the network,” Eagan said at a Wall Street Journal panel. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”

That database may have included information about some of the unnamed casino’s biggest spenders along with other private details, and hackers got a hold of it thanks to the internet of things.

As Eagan explained at the panel, the proliferation of connected smart devices makes people more vulnerable to cyber attacks. Hardly a surprise revelation, but this case stands as a good object example of the risks.

“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices,” she said. “There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.”

Because these devices tend to be very basic, they often don’t include added security features outside of the common WPA2 Wi-Fi protocol, which by itself isn’t a great line of defense. Of course, people are working to make these devices safer and more secure, but the world is still a long way off from being totally safe from hackers who exploit the internet of things.